These days as a website owner we see tons of malicious activity on our sites daily. From people trying to perform MySQL injections that give them access to sensitive data, to application vulnerabilities, to tons and tons of contact and comment form spam. When it comes to the spam piece you can always put in a CAPTCHA method that verifies its a human and not a bot, but unfortunately some people are willing to pay for these to be solved automatically. The MySQL injections and application security pieces are real important to protecting your content and the server it runs on.
The information available to web owners for every visit they get is limited but with an I.P. address we can do some digging. Sure, the professionals out there who know what they are doing will likely spoof their address by putting a proxy in front of them, but for those who don’t, we can find where they are down to the zip code! One thing I do on some of my sites that get the most traffic is log IP addresses. I want to know what people are requesting and where they are requesting it from. You will notice sometimes long stringed out URL’s with MySQL syntax in them…. This is bad! This means that people are actively trying to exploit your code by doing a MySQL injection.
So how do we find out where they are? Their are several services out there that do I.P. look ups but I am going to go with Quova. Quova was obtained by Neustar in 2012 I believe, and can trace an I.P. address to its geographic extended zip code. It isn’t 100% guarantee to know where the IP is, or have the correct location, but its damn close to it.
Besides security, the Quova service allows online businesses to find out where their customers are located geographically, and where the potential customers are that choose not to checkout with a product in their cart.
Its homepage is here http://www.neustar.biz/enterprise/ip-intelligence
If you want to try their geo-location lookup services you can try it here:
One of the biggest downfalls of the service at this time is that it doesn’t support IPV6 but I am sure they are working hard to make it available.
If you wanted to build an application that uses the Neustar IP Intellgence API, you would first need to sign up. A free account only gets you a maximum of 1k queries a day but that may be plenty for some of us out there to get started.
Go here and sign up for a developer account with Quova.
Once you have a developer account, you will get an API key and a secret key that will be needed to hit the API.
While I like the example they to give for PHP on the developer site of Quova, I couldn’t get it to work so I was forced to create my own… which is fine.
<?php //read an ip address from the URL via GET method $ip = '/' . $_GET['ip']; //provide our credentials for API $apikey = 'YOUR API KEY GOES HERE'; $secret = 'YOUR SECRET KEY GOES HERE'; //get current time stamp in epoch $timestamp = gmdate('U'); // 1200603038 //create our signature by combining time stamp + secret + apikey and MD5 hashing them $sig = md5($apikey . $secret . $timestamp); //construct our API URL with the given parameters we just setup $url = 'http://api.neustar.biz/ipi/std/v1/ipinfo/' . $ip . '?apikey=' . $apikey . '&sig=' . $sig; //create a SimpleXMLElement object with our URL we just constructed $xml = new SimpleXMLElement($url, null, true); echo $xml; ?>
So if we pass an IP in our URL, the script makes a call to the API and returns an XML object containing all the results. Here is an example of the data returned when I did a lookup on a Google IP:
IP: 184.108.40.206 IP Type: Mapped Organization: google inc. Carrier: google inc. ASN: 15169 Connection Type: ocx Line Speed: high IP Routing Type: fixed TLD: net SLD: 1e100 Location: north america Latitude: 40.75891 Longitude: -73.97902 Country: united states Country Code: us Country CF: 99 Region: State: new york State Code: ny State CF: 94 DMA: MSA: City: new york Postal Code: 10020 Timezone: Area Code: 212 City CF: 90
So in conclusion, its a really nice API thats available to anyone with a limit of 1k queries a day… If you see some malicious activity on your site, its nice to be able to trace it back to an *alleged* location. Or if you would like to better market your products to your audience, its nice to follow trends by IP and geographic location so that you can build a strategy to get more leads/sales.